About The ‘Swanepoel Method’

The ‘Swanepoel Method ‘ originated somewhere around mid 2016.

One fateful winter’s day, two forensicators were diligently working on mounting a dirty EXT4 file system as part an investigation into a breached eCommerce server. (I can come up with a much more elaborate story, but in most countries lying on the internet is frowned upon)

Back to the problem at hand, one of said forensicators Googled a bit and found a solution to their problem. The second forensicator, when alerted to the fact that first forensicator had mounted the filesystem, asked

How did you do it?

The first forensicator, instead of pointing the second forensicator to the 2011 Hal Pomeranz article he found on the SANS DFIR blog which provided a solution to their problem, replied with: